RHSA-2022:1861
Source
https://access.redhat.com/errata/RHSA-2022:1861
Import Source
https://security.access.redhat.com/data/osv/RHSA-2022:1861.json
JSON Data
https://api.osv.dev/v1/vulns/RHSA-2022:1861
Related
CVE-2020-13956
Published
2024-10-01T18:20:33Z
Modified
2024-11-22T23:42:39Z
Severity
5.3 (Medium)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Red Hat Security Advisory: maven:3.5 security update
Details
References
https://access.redhat.com/errata/RHSA-2022:1861
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
https://bugzilla.redhat.com/show_bug.cgi?id=1886587
https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1861.json
https://access.redhat.com/security/cve/CVE-2020-13956
https://www.cve.org/CVERecord?id=CVE-2020-13956
https://nvd.nist.gov/vuln/detail/CVE-2020-13956
https://www.openwall.com/lists/oss-security/2020/10/08/4
Affected packages
Red Hat:enterprise_linux:8::appstream / aopalliance
Package
Name
aopalliance
Purl
pkg:rpm/redhat/aopalliance
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.0-17.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / apache-commons-cli
Package
Name
apache-commons-cli
Purl
pkg:rpm/redhat/apache-commons-cli
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.4-4.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / apache-commons-codec
Package
Name
apache-commons-codec
Purl
pkg:rpm/redhat/apache-commons-codec
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.11-3.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / apache-commons-io
Package
Name
apache-commons-io
Purl
pkg:rpm/redhat/apache-commons-io
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:2.6-3.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / apache-commons-lang3
Package
Name
apache-commons-lang3
Purl
pkg:rpm/redhat/apache-commons-lang3
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.7-3.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / apache-commons-logging
Package
Name
apache-commons-logging
Purl
pkg:rpm/redhat/apache-commons-logging
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.2-13.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / atinject
Package
Name
atinject
Purl
pkg:rpm/redhat/atinject
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1-28.20100611svn86.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / cdi-api
Package
Name
cdi-api
Purl
pkg:rpm/redhat/cdi-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.2-8.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / geronimo-annotation
Package
Name
geronimo-annotation
Purl
pkg:rpm/redhat/geronimo-annotation
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.0-23.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / glassfish-el
Package
Name
glassfish-el
Purl
pkg:rpm/redhat/glassfish-el
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.0.1-0.7.b08.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / glassfish-el-api
Package
Name
glassfish-el-api
Purl
pkg:rpm/redhat/glassfish-el-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.0.1-0.7.b08.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / google-guice
Package
Name
google-guice
Purl
pkg:rpm/redhat/google-guice
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.1-11.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / guava20
Package
Name
guava20
Purl
pkg:rpm/redhat/guava20
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:20.0-8.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / hawtjni
Package
Name
hawtjni
Purl
pkg:rpm/redhat/hawtjni
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.16-2.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / hawtjni-runtime
Package
Name
hawtjni-runtime
Purl
pkg:rpm/redhat/hawtjni-runtime
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.16-2.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / httpcomponents-client
Package
Name
httpcomponents-client
Purl
pkg:rpm/redhat/httpcomponents-client
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.5.5-5.module+el8.6.0+13298+7b5243c0
Red Hat:enterprise_linux:8::appstream / httpcomponents-core
Package
Name
httpcomponents-core
Purl
pkg:rpm/redhat/httpcomponents-core
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.4.10-3.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / jansi
Package
Name
jansi
Purl
pkg:rpm/redhat/jansi
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.17.1-1.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / jansi-native
Package
Name
jansi-native
Purl
pkg:rpm/redhat/jansi-native
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7-7.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / jboss-interceptors-1.2-api
Package
Name
jboss-interceptors-1.2-api
Purl
pkg:rpm/redhat/jboss-interceptors-1.2-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.0.0-8.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / jcl-over-slf4j
Package
Name
jcl-over-slf4j
Purl
pkg:rpm/redhat/jcl-over-slf4j
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7.25-4.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / jsoup
Package
Name
jsoup
Purl
pkg:rpm/redhat/jsoup
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.11.3-3.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven
Package
Name
maven
Purl
pkg:rpm/redhat/maven
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.5.4-5.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-lib
Package
Name
maven-lib
Purl
pkg:rpm/redhat/maven-lib
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.5.4-5.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-resolver
Package
Name
maven-resolver
Purl
pkg:rpm/redhat/maven-resolver
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.1.1-2.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-resolver-api
Package
Name
maven-resolver-api
Purl
pkg:rpm/redhat/maven-resolver-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.1.1-2.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-resolver-connector-basic
Package
Name
maven-resolver-connector-basic
Purl
pkg:rpm/redhat/maven-resolver-connector-basic
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.1.1-2.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-resolver-impl
Package
Name
maven-resolver-impl
Purl
pkg:rpm/redhat/maven-resolver-impl
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.1.1-2.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-resolver-spi
Package
Name
maven-resolver-spi
Purl
pkg:rpm/redhat/maven-resolver-spi
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.1.1-2.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-resolver-transport-wagon
Package
Name
maven-resolver-transport-wagon
Purl
pkg:rpm/redhat/maven-resolver-transport-wagon
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.1.1-2.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-resolver-util
Package
Name
maven-resolver-util
Purl
pkg:rpm/redhat/maven-resolver-util
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.1.1-2.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-shared-utils
Package
Name
maven-shared-utils
Purl
pkg:rpm/redhat/maven-shared-utils
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.2.1-0.1.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-wagon
Package
Name
maven-wagon
Purl
pkg:rpm/redhat/maven-wagon
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.1.0-1.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-wagon-file
Package
Name
maven-wagon-file
Purl
pkg:rpm/redhat/maven-wagon-file
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.1.0-1.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-wagon-http
Package
Name
maven-wagon-http
Purl
pkg:rpm/redhat/maven-wagon-http
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.1.0-1.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-wagon-http-shared
Package
Name
maven-wagon-http-shared
Purl
pkg:rpm/redhat/maven-wagon-http-shared
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.1.0-1.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / maven-wagon-provider-api
Package
Name
maven-wagon-provider-api
Purl
pkg:rpm/redhat/maven-wagon-provider-api
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.1.0-1.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / plexus-cipher
Package
Name
plexus-cipher
Purl
pkg:rpm/redhat/plexus-cipher
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7-14.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / plexus-classworlds
Package
Name
plexus-classworlds
Purl
pkg:rpm/redhat/plexus-classworlds
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.5.2-9.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / plexus-containers
Package
Name
plexus-containers
Purl
pkg:rpm/redhat/plexus-containers
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7.1-8.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / plexus-containers-component-annotations
Package
Name
plexus-containers-component-annotations
Purl
pkg:rpm/redhat/plexus-containers-component-annotations
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7.1-8.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / plexus-interpolation
Package
Name
plexus-interpolation
Purl
pkg:rpm/redhat/plexus-interpolation
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.22-9.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / plexus-sec-dispatcher
Package
Name
plexus-sec-dispatcher
Purl
pkg:rpm/redhat/plexus-sec-dispatcher
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.4-26.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / plexus-utils
Package
Name
plexus-utils
Purl
pkg:rpm/redhat/plexus-utils
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.1.0-3.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / sisu
Package
Name
sisu
Purl
pkg:rpm/redhat/sisu
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:0.3.3-6.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / sisu-inject
Package
Name
sisu-inject
Purl
pkg:rpm/redhat/sisu-inject
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:0.3.3-6.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / sisu-plexus
Package
Name
sisu-plexus
Purl
pkg:rpm/redhat/sisu-plexus
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:0.3.3-6.module+el8+2452+b359bfcd
Red Hat:enterprise_linux:8::appstream / slf4j
Package
Name
slf4j
Purl
pkg:rpm/redhat/slf4j
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7.25-4.module+el8+2452+b359bfcd